Skip to content

TEEs

Trusted execution environments can make general-purpose confidential computation practical, but they introduce trust in hardware, firmware, attestation, cloud configuration, and side-channel mitigations.

Side-Channel Risk In Real Deployments

Field Card
Problem How should teams reason about side-channel risk in real TEE deployments?
The itch Security reviews ask whether a TEE is safe, but the answer depends on workload, adversary, cloud configuration, patching, and leakage tolerance.
Why it matters Teams can either overtrust TEEs or reject useful deployments because risk is hard to explain.
Current workaround Cite vendor security material or add broad caveats.
Why the workaround is insufficient It does not connect side channels to concrete architecture choices or mitigations.
What good progress would look like A workload-level side-channel review method with explicit leakage channels, mitigations, and residual-risk statements.
Difficulty Hard
Good for Privacy engineer, systems builder, security researcher
Related PETs TEEs, confidential inference, confidential RAG
Possible first contribution Create a side-channel checklist for one confidential RAG architecture covering memory access, timing, logs, and metadata.

Understandable Remote Attestation

Field Card
Problem Can remote attestation be made understandable to application developers?
The itch Attestation is often treated as a cryptographic ceremony instead of a product requirement developers must integrate and monitor.
Why it matters A confidential-computing claim is weak if clients do not verify what code and environment they are trusting.
Current workaround Vendor SDK examples, manual security review, or no client-side verification.
Why the workaround is insufficient It leaves attestation fragile, invisible, or disconnected from deployment changes.
What good progress would look like Developer-facing attestation flows with clear failure states, version binding, policy checks, and logs.
Difficulty Medium
Good for Systems builder, privacy engineer, security engineer
Related PETs TEEs
Possible first contribution Build a minimal attested API example where the client refuses responses from unexpected code measurements.

Cloud Portability For Confidential Workloads

Field Card
Problem How portable are confidential-computing workloads across clouds?
The itch Teams want multi-cloud or migration options, but TEE features, attestation formats, operational tooling, and performance differ.
Why it matters Lock-in can become a security, procurement, and resilience issue.
Current workaround Pick one cloud and document assumptions.
Why the workaround is insufficient It hides the cost of migration and makes privacy claims dependent on a single platform.
What good progress would look like A portability matrix for workloads, attestation, key release, logging, and performance across major confidential-computing offerings.
Difficulty Medium
Good for Systems builder, privacy engineer, benchmark maintainer
Related PETs TEEs, confidential inference, confidential RAG
Possible first contribution Run one small confidential inference service on two environments and compare setup, attestation, and latency.

TEE Output Leakage

Field Card
Problem How can TEE applications avoid leaking sensitive data through outputs and logs?
The itch Teams protect runtime plaintext but still emit answers, traces, support bundles, and metrics that contain sensitive facts.
Why it matters Many real privacy failures happen outside the protected enclave.
Current workaround Add access controls and manual log review.
Why the workaround is insufficient It treats output policy as an afterthought rather than part of the architecture.
What good progress would look like Patterns that bind attested code, output policy, log minimization, and audit events.
Difficulty Good first research problem
Good for Privacy engineer, systems builder
Related PETs TEEs, DP, confidential RAG
Possible first contribution Instrument a toy confidential API to classify and suppress sensitive logs, then document remaining leaks.